From 1fa1e58d701fe2171506feec5b2a130659afd8bd Mon Sep 17 00:00:00 2001 From: Mike Birnstiehl Date: Mon, 4 Aug 2025 14:46:36 -0500 Subject: [PATCH 1/8] add logs essentials get started --- .../get-started/logs-essentials.md | 132 ++++++++++++++++++ solutions/toc.yml | 3 +- 2 files changed, 134 insertions(+), 1 deletion(-) create mode 100644 solutions/observability/get-started/logs-essentials.md diff --git a/solutions/observability/get-started/logs-essentials.md b/solutions/observability/get-started/logs-essentials.md new file mode 100644 index 0000000000..89a7115074 --- /dev/null +++ b/solutions/observability/get-started/logs-essentials.md 
@@ -0,0 +1,132 @@ +--- +navigation_title: Logs Essentials +applies_to: + serverless: ga +products: + - id: cloud-serverless + - id: observability +--- + +# Get started with {{obs-serverless}} Logs Essentials [logs-essentials-get-started] + +```{note} +Use this guide to get started with the Logs Essentials feature tier of {{obs-serverless}}. Refer to the main [{{observability}} getting started](/get-started/index.md) docs to get started with {{obs-serverless}} Complete. +``` +% Note should link to the feature tier comparison docs once published. + +New to Elastic {{obs-serverless}} Logs Essentials? Discover more about its features and how to get started. The following instructions guide you through setting up your first Elastic {{observability}} Logs Essentials deployment, collecting log data, and exploring your data. + +## Get started with your use case [get-started-with-use-case] + +Learn how to create an {{obs-serverless}} project and use Elastic {{observability}} to gain deeper insight into the behavior of your applications and systems. + +:::::::{stepper} + +::::::{step} Create an Observability project + +An {{obs-serverless}} project allows you to run {{obs-serverless}} in an autoscaled and fully-managed environment, where you don’t have to manage the underlying {{es}} cluster or {{kib}} instances. + +::::{dropdown} Steps for creating a project +:::{note} +The **Admin** role or higher is required to create projects. Refer to [Assign user roles and privileges](/deploy-manage/users-roles/cloud-organization/manage-users.md#general-assign-user-roles). +::: + +1. Navigate to [cloud.elastic.co](https://cloud.elastic.co/) and log in to your account, or create one. +1. Select **Create serverless project**. +1. Under **Elastic for Observability**, select **Next**. +1. Enter a name for your project. +1. (Optional) Under **Settings** you can change the following: + + * **Cloud provider**: The cloud platform where you’ll deploy your project. 
We currently support Amazon Web Services (AWS). + * **Region**: The [region](/deploy-manage/deploy/elastic-cloud/regions.md) where your project will live. + +1. Select **Edit settings**, and select **Observability Logs Essentials**. +1. Select **Create serverless project**. It takes a few minutes to create your project. +1. When the project is ready, click **Continue**. + +:::::: + +::::::{step} Collect infrastructure logs + +Bring logs from your hosts and services into Elastic {{observability}} to monitor the health and performance of your infrastructure. You can collect this data from hosts, containers, Kubernetes, and Cloud services. + +:::::{dropdown} Steps for collecting infrastructure logs and metrics + +::::{tab-set} +:::{tab-item} Hosts + +Elastic {{observability}} can collect logs from hosts through the Elastic Distribution of OpenTelemetry (EDOT) Collector or the Elastic Agent. + +1. Select **Add data** from the main menu and then select **Host**. +2. Select one of these options: + * **OpenTelemetry: Logs**: Collect native OpenTelemetry logs. + * **Elastic Agent: Logs**: Bring data from Elastic integrations. +3. Follow the instructions for your platform. + +For an overview of the EDOT, refer to [Elastic Distribution of OpenTelemetry (EDOT)](opentelemetry://reference/index.md). + +::: + +:::{tab-item} Kubernetes + +Elastic {{observability}} can collect logs from Kubernetes through the Elastic Distribution of OpenTelemetry (EDOT) Collector or the Elastic Agent. + +1. Select **Add data** from the main menu and then select **Kubernetes**. +2. Select one of these options: + * **OpenTelemetry: Logs**: Collect native OpenTelemetry metrics and logs. + * **Elastic Agent: Logs**: Bring data from Elastic integrations. +3. Follow the instructions for your platform. + +For an overview of EDOT, refer to [Elastic Distribution of OpenTelemetry (EDOT)](opentelemetry://reference/index.md). 
+ +::: + +:::{tab-item} Cloud + +Elastic {{observability}} can collect logs from cloud services through Elastic integrations. + +1. Select **Add data** from the main menu and then select **Cloud**. +2. Select your Cloud provider to view the collection of integrations available for that provider. +3. Select the integration you want to add. +4. Select **Add**. +::: + +::::: + +::::::{step} Create your first dashboards + +Elastic provides a wide range of prebuilt dashboards for visualizing observability data from a variety of sources. These dashboards are loaded automatically when you install [Elastic integrations](https://docs.elastic.co/integrations). You can also create new dashboards and visualizations based on your data views. + +To create a new dashboard, select **Create Dashboard** and begin adding visualizations. You can create charts, graphs, maps, tables, and other types of visualizations from your data, or you can add visualizations from the library. You can also add other types of panels, such as filters and controls. + +For more information about creating dashboards, refer to [Create your first dashboard](/explore-analyze/dashboards/create-dashboard-of-panels-with-web-server-data.md). + +:::::: + +::::::{step} Set up alerts + +Elastic {{observability}} lets you define rules of different types which detect complex conditions and trigger relevant actions. {{observability}} can send alerts to email, Slack, and other third-party systems. Refer to [Create and manage rules](/solutions/observability/incident-management/create-manage-rules.md) to get started. + +:::::: + +::::::: + +## Related resources + +Use these resources to learn more about {{observability}} or get started in a different way. + +### Quickstarts + +Quickstarts are compact hands-on guides that help you experiment with {{observability}} features. Each quickstart provides a highly opinionated, fast path to data ingestion, with minimal configuration required. 
+ +[Browse the Elastic {{observability}} quickstarts](/solutions/observability/get-started/quickstarts.md) to get started with specific use cases. + +### Observability integrations + +Many [{{observability}} integrations](https://www.elastic.co/integrations/data-integrations?solution=observability) are available to collect and process your data. Refer to [Elastic integrations](https://www.elastic.co/docs/reference/integrations) for more information. + +### Other resources + +* [What's Elastic {{observability}}](/solutions/observability/get-started/what-is-elastic-observability.md) +* [What’s new in Elastic Stack](/release-notes/elastic-observability/index.md) +* [{{obs-serverless}} billing dimensions](/deploy-manage/cloud-organization/billing/elastic-observability-billing-dimensions.md) \ No newline at end of file diff --git a/solutions/toc.yml b/solutions/toc.yml index 95342ccb2d..fe34983ad0 100644 --- a/solutions/toc.yml +++ b/solutions/toc.yml @@ -109,6 +109,7 @@ toc: children: - file: observability/get-started/other-tutorials/tutorial-monitor-java-application.md - file: observability/get-started/other-tutorials/add-data-from-splunk.md + - file: observability/get-started/logs-essentials.md - file: observability/applications/index.md children: - file: observability/apm/index.md @@ -660,7 +661,7 @@ toc: - file: security/explore/users-page.md - file: security/advanced-entity-analytics.md children: - - file: security/advanced-entity-analytics/overview.md + - file: security/advanced-entity-analytics/overview.md - file: security/advanced-entity-analytics/entity-risk-scoring.md children: - file: security/advanced-entity-analytics/entity-risk-scoring-requirements.md From fd90e12f43ebe390ba41a355e0867855f852f9a1 Mon Sep 17 00:00:00 2001 
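Review bot: the directive nesting in the new logs-essentials.md does not pair up. In the "Create an Observability project" step, `::::{dropdown} Steps for creating a project` is never closed with `::::` before the step's `::::::`, and in the "Collect infrastructure logs" step the file goes from the Cloud tab's `:::` straight to `:::::` (the dropdown close) and then `::::::{step} Create your first dashboards`, so both the `::::{tab-set}` close and the step's own `::::::` close are missing. Add the closers so every level has a matching close. Two smaller points in the same hunk: the Kubernetes tab reads `* **OpenTelemetry: Logs**: Collect native OpenTelemetry metrics and logs.` while the Hosts tab and the page's Logs Essentials scope cover logs only, so drop "metrics" there and in the dropdown title "Steps for collecting infrastructure logs and metrics"; and `% Note should link to the feature tier comparison docs once published.` is a TODO that belongs in the PR description rather than the shipped source. The file also ends with `\ No newline at end of file`.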
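Review bot: in the first toc.yml hunk (`@@ -109,6 +109,7 @@`) the new `- file: observability/get-started/logs-essentials.md` entry is inserted directly after the two `other-tutorials/` pages that sit under a `children:` key, and the flattened diff does not show whether its indentation makes it a sibling of the get-started pages or a child of the other-tutorials node. Confirm the entry is a sibling, since a Logs Essentials getting-started page should not be nested under "other tutorials".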
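Review bot: the second toc.yml hunk (`@@ -660,7 +661,7 @@`) only strips trailing whitespace from `- file: security/advanced-entity-analytics/overview.md`, which is unrelated to the Logs Essentials page. Either drop it to keep the diff scoped to the Observability section or mention the whitespace-only cleanup in the commit message so reviewers of the Security toc are not left guessing.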
From: Mike Birnstiehl <114418652+mdbirnstiehl@users.noreply.github.com> Date: Mon, 4 Aug 2025 15:04:10 -0500 Subject: [PATCH 2/8] Update solutions/observability/get-started/logs-essentials.md --- solutions/observability/get-started/logs-essentials.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/solutions/observability/get-started/logs-essentials.md b/solutions/observability/get-started/logs-essentials.md index 89a7115074..92e88e539b 100644 --- a/solutions/observability/get-started/logs-essentials.md +++ b/solutions/observability/get-started/logs-essentials.md @@ -10,7 +10,7 @@ products: # Get started with {{obs-serverless}} Logs Essentials [logs-essentials-get-started] ```{note} -Use this guide to get started with the Logs Essentials feature tier of {{obs-serverless}}. Refer to the main [{{observability}} getting started](/get-started/index.md) docs to get started with {{obs-serverless}} Complete. +Use this guide to get started with the Logs Essentials feature tier of {{obs-serverless}}. Refer to the main [{{observability}} get started](/get-started/index.md) docs to get started with {{obs-serverless}} Complete. ``` % Note should link to the feature tier comparison docs once published. From 42facb9ff52065de3d22b8c125e21630ce6f1b11 Mon Sep 17 00:00:00 2001 From: Mike Birnstiehl Date: Tue, 5 Aug 2025 10:21:53 -0500 Subject: [PATCH 3/8] review updates --- .../observability/get-started/logs-essentials.md | 14 ++++++++++++-- 1 file changed, 12 insertions(+), 2 deletions(-) diff --git a/solutions/observability/get-started/logs-essentials.md b/solutions/observability/get-started/logs-essentials.md index 92e88e539b..ce94ef9db6 100644 --- a/solutions/observability/get-started/logs-essentials.md +++ b/solutions/observability/get-started/logs-essentials.md 
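Review bot: the PATCH 2/8 hunk changes only the link text ("getting started" to "get started"), but the target `/get-started/index.md` is the one path in this file not rooted under `/solutions/observability/` (compare `/solutions/observability/get-started/quickstarts.md` later in the same file), so check that it resolves in the docs build before merging the text tweak.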
@@ -10,7 +10,7 @@ products: # Get started with {{obs-serverless}} Logs Essentials [logs-essentials-get-started] ```{note} -Use this guide to get started with the Logs Essentials feature tier of {{obs-serverless}}. Refer to the main [{{observability}} get started](/get-started/index.md) docs to get started with {{obs-serverless}} Complete. +Use this guide to get started with the Logs Essentials feature tier of {{obs-serverless}}. Refer to the main [{{observability}} getting started](/solutions/observability/get-started/index.md) docs to get started with {{obs-serverless}} Complete, which includes APM and Infrastructure metrics. ``` % Note should link to the feature tier comparison docs once published. @@ -93,6 +93,15 @@ Elastic {{observability}} can collect logs from cloud services through Elastic i ::::: +:::::: + +::::::{step} Explore logs in Discover + +**Discover** lets you quickly search and filter your log data, get information about the structure of your log fields, and display findings in a visualization. Instead of having to log into different servers, change directories, and view individual files, all your logs are available in a single view. + +For more information on exploring your logs in **Discover**, refer to [Explore logs in Discover](/solutions/observability/logs/discover-logs.md) +:::::: + ::::::{step} Create your first dashboards Elastic provides a wide range of prebuilt dashboards for visualizing observability data from a variety of sources. These dashboards are loaded automatically when you install [Elastic integrations](https://docs.elastic.co/integrations). You can also create new dashboards and visualizations based on your data views. 
@@ -129,4 +138,5 @@ Many [{{observability}} integrations](https://www.elastic.co/integrations/data-i * [What's Elastic {{observability}}](/solutions/observability/get-started/what-is-elastic-observability.md) * [What’s new in Elastic Stack](/release-notes/elastic-observability/index.md) -* [{{obs-serverless}} billing dimensions](/deploy-manage/cloud-organization/billing/elastic-observability-billing-dimensions.md) \ No newline at end of file +* [{{obs-serverless}} billing dimensions](/deploy-manage/cloud-organization/billing/elastic-observability-billing-dimensions.md) +* [Log monitoring](/solutions/observability/logs.md) \ No newline at end of file From 7e5760a9cde66d1f1ab7da3d3050fa988bdf0359 Mon Sep 17 00:00:00 2001 From: Mike Birnstiehl Date: Tue, 5 Aug 2025 10:30:24 -0500 Subject: [PATCH 4/8] fix link --- solutions/observability/get-started/logs-essentials.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/solutions/observability/get-started/logs-essentials.md b/solutions/observability/get-started/logs-essentials.md index ce94ef9db6..60d1fae7e1 100644 --- a/solutions/observability/get-started/logs-essentials.md +++ b/solutions/observability/get-started/logs-essentials.md @@ -10,7 +10,7 @@ products: # Get started with {{obs-serverless}} Logs Essentials [logs-essentials-get-started] ```{note} -Use this guide to get started with the Logs Essentials feature tier of {{obs-serverless}}. Refer to the main [{{observability}} getting started](/solutions/observability/get-started/index.md) docs to get started with {{obs-serverless}} Complete, which includes APM and Infrastructure metrics. +Use this guide to get started with the Logs Essentials feature tier of {{obs-serverless}}. Refer to the main [{{observability}} getting started](/solutions/observability/get-started.md) docs to get started with {{obs-serverless}} Complete, which includes APM and Infrastructure metrics. ``` % Note should link to the feature tier comparison docs once published. 
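Review bot: in the PATCH 3/8 hunk at `@@ -93,6 +93,15 @@`, the new "Explore logs in Discover" step ends its last paragraph without a period: `For more information on exploring your logs in **Discover**, refer to [Explore logs in Discover](/solutions/observability/logs/discover-logs.md)`. Add the period. The `+::::::` inserted before the step does close the "Collect infrastructure logs" step that PATCH 1/8 left open, but the `::::{tab-set}` inside that step still has no `::::` close before the `:::::` dropdown close, so add that while touching this region.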
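Review bot: the "Other resources" hunk (`@@ -129,4 +138,5 @@`) appends `* [Log monitoring](/solutions/observability/logs.md)` but the file still ends with `\ No newline at end of file`; add the trailing newline so the next addition to this list does not again rewrite the previous last line.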
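Review bot: PATCH 4/8 retargets the same note link for the third time in the series (`/get-started/index.md`, then `/solutions/observability/get-started/index.md`, now `/solutions/observability/get-started.md`). Squash PATCH 2/8 through 4/8 into PATCH 1/8 so the branch does not carry two dead link targets, and confirm `/solutions/observability/get-started.md` exists: the toc.yml hunk in PATCH 1/8 refers to `observability/get-started/...` as a directory, so the index could equally be `get-started/index.md`.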
From b61e42379fd6195fb9dece7f005fcb5f1bd99510 Mon Sep 17 00:00:00 2001 From: Mike Birnstiehl <114418652+mdbirnstiehl@users.noreply.github.com> Date: Tue, 5 Aug 2025 12:50:24 -0500 Subject: [PATCH 5/8] Apply suggestions from code review Co-authored-by: Nastasha Solomon <79124755+nastasha-solomon@users.noreply.github.com> --- solutions/observability/get-started/logs-essentials.md | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/solutions/observability/get-started/logs-essentials.md b/solutions/observability/get-started/logs-essentials.md index 60d1fae7e1..bc0eb0b9a8 100644 --- a/solutions/observability/get-started/logs-essentials.md +++ b/solutions/observability/get-started/logs-essentials.md @@ -14,7 +14,7 @@ Use this guide to get started with the Logs Essentials feature tier of {{obs-ser ``` % Note should link to the feature tier comparison docs once published. -New to Elastic {{obs-serverless}} Logs Essentials? Discover more about its features and how to get started. The following instructions guide you through setting up your first Elastic {{observability}} Logs Essentials deployment, collecting log data, and exploring your data. +New to {{obs-serverless}} Logs Essentials? Discover more about its features and how to get started. The following instructions guide you through setting up your first Elastic {{observability}} Logs Essentials deployment, collecting log data, and exploring your data. ## Get started with your use case [get-started-with-use-case] 
@@ -97,7 +97,7 @@ Elastic {{observability}} can collect logs from cloud services through Elastic i ::::::{step} Explore logs in Discover -**Discover** lets you quickly search and filter your log data, get information about the structure of your log fields, and display findings in a visualization. Instead of having to log into different servers, change directories, and view individual files, all your logs are available in a single view. +**Discover** lets you quickly search and filter your log data, get information about the structure of your log fields, and display findings in a visualization. Instead of having to log into different servers, change directories, and view individual files. All your logs are available in a single view. For more information on exploring your logs in **Discover**, refer to [Explore logs in Discover](/solutions/observability/logs/discover-logs.md) :::::: @@ -114,7 +114,7 @@ For more information about creating dashboards, refer to [Create your first dash ::::::{step} Set up alerts -Elastic {{observability}} lets you define rules of different types which detect complex conditions and trigger relevant actions. {{observability}} can send alerts to email, Slack, and other third-party systems. Refer to [Create and manage rules](/solutions/observability/incident-management/create-manage-rules.md) to get started. +Elastic {{observability}} lets you define rules of different types which detect complex conditions and trigger relevant actions. Elastic {{observability}} can send alerts to email, Slack, and other third-party systems. Refer to [Create and manage rules](/solutions/observability/incident-management/create-manage-rules.md) to get started. :::::: 
@@ -126,13 +126,13 @@ Use these resources to learn more about {{observability}} or get started in a di ### Quickstarts -Quickstarts are compact hands-on guides that help you experiment with {{observability}} features. Each quickstart provides a highly opinionated, fast path to data ingestion, with minimal configuration required. +Quickstarts are compact hands-on guides that help you experiment with Elastic {{observability}} features. Each quickstart provides a highly opinionated, fast path to data ingestion, with minimal configuration required. [Browse the Elastic {{observability}} quickstarts](/solutions/observability/get-started/quickstarts.md) to get started with specific use cases. ### Observability integrations -Many [{{observability}} integrations](https://www.elastic.co/integrations/data-integrations?solution=observability) are available to collect and process your data. Refer to [Elastic integrations](https://www.elastic.co/docs/reference/integrations) for more information. +Many [Elastic {{observability}} integrations](https://www.elastic.co/integrations/data-integrations?solution=observability) are available to collect and process your data. Refer to [Elastic integrations](https://www.elastic.co/docs/reference/integrations) for more information. ### Other resources From 57d1526bd60f53a515d5c83a93a59d3def631a54 Mon Sep 17 00:00:00 2001 From: Mike Birnstiehl <114418652+mdbirnstiehl@users.noreply.github.com> Date: Wed, 6 Aug 2025 14:32:48 -0500 Subject: [PATCH 6/8] Update solutions/observability/get-started/logs-essentials.md Co-authored-by: Brandon Morelli --- solutions/observability/get-started/logs-essentials.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/solutions/observability/get-started/logs-essentials.md b/solutions/observability/get-started/logs-essentials.md index bc0eb0b9a8..cea1ba60aa 100644 --- a/solutions/observability/get-started/logs-essentials.md +++ b/solutions/observability/get-started/logs-essentials.md 
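Review bot: the PATCH 5/8 hunk at `@@ -97,7 +97,7 @@` turns a single sentence into a fragment: `Instead of having to log into different servers, change directories, and view individual files.` has no main clause once the comma before "all your logs" becomes a period. Keep the original one-sentence form (`..., and view individual files, all your logs are available in a single view.`).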
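Review bot: in the alerts hunk (`@@ -114,7 +114,7 @@`) the sentence `Elastic {{observability}} lets you define rules of different types which detect complex conditions` should use "that detect", since the clause restricts which rules are meant; the hunk already touches this line for the "Elastic" prefix, so fix it in the same change.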
@@ -97,7 +97,7 @@ Elastic {{observability}} can collect logs from cloud services through Elastic i ::::::{step} Explore logs in Discover -**Discover** lets you quickly search and filter your log data, get information about the structure of your log fields, and display findings in a visualization. Instead of having to log into different servers, change directories, and view individual files. All your logs are available in a single view. +**Discover** lets you quickly search and filter your log data, get information about the structure of your log fields, and display findings in a visualization. Instead of having to log into different servers, change directories, and view individual files, all your logs are available in a single view. For more information on exploring your logs in **Discover**, refer to [Explore logs in Discover](/solutions/observability/logs/discover-logs.md) :::::: From c777638eb9f766695cb28ceb67ca5d3444ccf182 Mon Sep 17 00:00:00 2001 From: Mike Birnstiehl <114418652+mdbirnstiehl@users.noreply.github.com> Date: Wed, 6 Aug 2025 14:41:10 -0500 Subject: [PATCH 7/8] Update solutions/observability/get-started/logs-essentials.md Co-authored-by: Brandon Morelli --- solutions/observability/get-started/logs-essentials.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/solutions/observability/get-started/logs-essentials.md b/solutions/observability/get-started/logs-essentials.md index cea1ba60aa..5dc7696a71 100644 --- a/solutions/observability/get-started/logs-essentials.md +++ b/solutions/observability/get-started/logs-essentials.md 
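Review bot: this PATCH 6/8 hunk simply restores the sentence that PATCH 5/8 broke into a fragment; squash it into PATCH 5/8 so the series does not carry an intermediate state with the grammatical error.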
@@ -99,7 +99,7 @@ Elastic {{observability}} can collect logs from cloud services through Elastic i **Discover** lets you quickly search and filter your log data, get information about the structure of your log fields, and display findings in a visualization. Instead of having to log into different servers, change directories, and view individual files, all your logs are available in a single view. -For more information on exploring your logs in **Discover**, refer to [Explore logs in Discover](/solutions/observability/logs/discover-logs.md) +For more information on exploring your logs in **Discover**, refer to [Explore logs in Discover](/solutions/observability/logs/discover-logs.md). :::::: ::::::{step} Create your first dashboards From a96d95c2064e9dc724696fab0abfad6e80ea0b70 Mon Sep 17 00:00:00 2001 From: Mike Birnstiehl Date: Wed, 6 Aug 2025 14:56:23 -0500 Subject: [PATCH 8/8] review updates --- solutions/observability/get-started/logs-essentials.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/solutions/observability/get-started/logs-essentials.md b/solutions/observability/get-started/logs-essentials.md index 5dc7696a71..926315b0d5 100644 --- a/solutions/observability/get-started/logs-essentials.md +++ b/solutions/observability/get-started/logs-essentials.md @@ -132,7 +132,7 @@ Quickstarts are compact hands-on guides that help you experiment with Elastic {{ ### Observability integrations -Many [Elastic {{observability}} integrations](https://www.elastic.co/integrations/data-integrations?solution=observability) are available to collect and process your data. Refer to [Elastic integrations](https://www.elastic.co/docs/reference/integrations) for more information. +Many {{observability}} integrations are available to collect and process your data. Refer to [Elastic integrations](https://www.elastic.co/docs/reference/integrations) for more information. ### Other resources
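Review bot: the PATCH 7/8 hunk only adds the missing period after the Discover link that PATCH 3/8 introduced; fold it into that commit rather than shipping a one-character fixup.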
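Review bot: the PATCH 8/8 hunk (`@@ -132,7 +132,7 @@`) removes both the "Elastic" prefix that PATCH 5/8 had just added and the link to the filtered integrations catalog (`https://www.elastic.co/integrations/data-integrations?solution=observability`), leaving `Many {{observability}} integrations are available to collect and process your data.` while the Quickstarts paragraph a few lines above keeps "Elastic {{observability}}". Pick one form for the section, and if dropping the catalog link is intentional, say so in the commit message, since the remaining `Elastic integrations` link points at the reference docs rather than the Observability-filtered list.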